Techniques
Sample rules
Windows PowerShell User Agent
- source: sigma
- technicques:
- t1071
- t1071.001
Description
Detects Windows PowerShell Web Access
Detection logic
condition: selection
selection:
c-useragent|contains: ' WindowsPowerShell/'
Windows WebDAV User Agent
- source: sigma
- technicques:
- t1071
- t1071.001
Description
Detects WebDav DownloadCradle
Detection logic
condition: selection
selection:
c-useragent|startswith: Microsoft-WebDAV-MiniRedir/
cs-method: GET